CH20 - Course Quiz Flashcards
A packet sniffer is a program that queries a network interface and collects packets in a file called a ______________ file?
capture
log
flow cache
syslog
capture
In NetFlow, flows are stored in a _____________?
log
flow cache
packet
frame
flow cache
An agent can solicit information from an NMS with the ____________ protocol data unit (PDU)?
set
get
response
trap
trap
It is a good idea to give root access to critical log files for performance reasons?
True
False
False
The SNMP Manager requests and processes information from the ____________ devices?
opened
closed
managed
privileged
managed
Which underlying protocol enables network monitoring tools to work?
TCP
SNMP
UDP
SMTP
SNMP (Simple Network Management Protocol)
A single flow in NetFlow is a sequence of packets from one specific place to another?
True
False
True
Which program is an example of a powerful and open source protocol analyzer?
Wireshark
syslog
Cisco Network Assistant (CNA)
PerfMon
Wireshark
On which port does NMS receive/listen?
160
161
162
163
162 (Network Management System)
Which tool was developed for packet flow monitoring and was subsequently included in Cisco Routers and Switches?
NetFlow
Wireshark
PerfMon
Syslog
NetFlow
Interface monitors track the quality and utilization of traffic through a physical _____________ or ports on a single device?
network interface card (NIC)
port
switch
frame
port
In the case of a Switch, it is typical for packet sniffers to connect to an interface using a _____________ port?
virtual
mirrored
promiscuous
closed
mirrored
Which one function is sent when an SNMP Manager wants to query an agent?
Set
Get
Response
Trap
Get
Which term does Performance Monitor use when referring to the monitored aspect of the System?
facilities
counters
modes
characteristics
counters
The current version of SNMP is SNMPv3?
True
False
True
Which tool is used to create a baseline on Windows Systems?
Performance Monitor
Cacti
Syslog
NetFlow
Performance Monitor
What User Datagram Protocol (UDP) ports does SNMP use for unsecure communication?
61 and 62
610 and 612
161 and 162
10162 and 10161
161 and 162
Explanation:
Secure TLS SNMP = 10161 and 10162
Which program is an example of a graphing tool that could be used to show everything about specific switches?
NetFlow
Cacti
Syslog
Cisco Network Assistant (CNA)
Cacti
An SNMP System has up to ______________ core functions (depending on the version of SNMP)?
two
four
six
eight
eight
Performance Monitors use system ____________ files to track performance over time?
Access Control List (ACL)
flow cache
routing table
log
log
Which core function is sent by the agent after the SNMP manager queries an agent with a GetRequest or GetNextRequest?
Set
Get
Response
Trap
Response
Which sensors monitor environmental factors, such as external temperatures, humidity levels in the server room, issues with electrical load, and more?
interface
environmental
response
trap
environmental
All operating systems come with some form of baseline tools?
True
False
True
NetFlow is another name for SNMP?
True
False
False
Which interface statistic value increases when packets are received that are shorter than Ethernet’s minimum size of 64 bytes?
encapsulation
link
runts
giants
runts
An NMS can tell an agent to make changes to the information it queries and sends, called variables, through a ________________ protocol data unit (PDU)?
Set
Get
Response
Trap
Set
Managed devices run software called ________________?
robots
switches
drones
agents
agents
In NetFlow, a single flow is a sequence of _________________ from one specific place to another?
frames
packets
segments
cylinders
packets
If you want to know how hard your network is working, use a ________________?
management information base
flow cache
performance manager
interface monitor
interface monitor
A ___________ is a centralized location for technicians and administrators, used to manage all aspects of the Network?
Network Operations Center (NOC)
On an SNMP managed network, a _________________ program could create graphs and diagrams that display any set of the data received?
graphing
SNMP adds security using _______________?
Transport Layer Security (TLS)
In packet flow monitoring, a single __________________ is a sequence of packets from one specific place to another?
flow
With interface monitoring, ___________________ references how much of the port’s total bandwidth is being used?
utilization
______________________ track the bandwidth and utilization of one or more interfaces on one or more devices?
Interface Monitor
The most common macOS and Linux Performance Monitor tool is called ___________________?
Syslog
A ____________________ tracks the performance of some aspect of a system over time and lets you know when things aren’t normal?
Performance Monitor
__________________________ are the computers within a Network that are receiving the most data?
Top Listeners
SNMP uses _______________________ to categorize the data that can be queried (and subsequently analyzed)?
Management Information Bases (MIB)
The ____________________ is the de facto network management protocol for TCP/IP Networks?
Simple Network Management Protocol (SNMP)
The _________________ utility can quickly query any SNMP device directly from a computer’s terminal?
snmpwalk
The common term for each of the SNMP System core functions is ________________?
Protocol Data Unit (PDU)
Describe the ports SNMP uses for unsecure and secure communications?
SNMP Managers use UDP Ports 162 or 10162 with Transport Layer Security (TLS).
SNMP Agents use Ports 161 or 10161 with Transport Layer Security (TLS).
List the four major types of monitoring tools?
Packet (Sniffers)
Protocol (Analyzers)
(Interface) Monitors
(Performance) Monitors
Describe a baseline and explain how a baseline can point to problems on a Server or the Network?
A Baseline is a log of normal operational performance to give you a picture of your network and servers when they are working correctly.
A major change in these values can point to problems on a server or network as a whole.
How should an administrator enable NetFlow in order to use it?
NetFlow is enabled on the device. If the device doesn’t support NetFlow, you can use stand-alone probes that can monitor maintenance ports on the unsupported device and send the information to the NetFlow collector.
Identify three components in a Managed Network?
Managed (Devices)
SNMP (Manager)
SNMP (Agent)
Describe the two most common performance monitor tools?
Windows Performance Monitor (perfmon.exe)
Syslog (found in macOS and Linux)
What are SNMP Alerts and how are they disseminated?
Alerts, Notifications - they are sent directly to techs - via SMS text messaging and email alerts - when their intervention is required.
Describe the key component that enables performance monitors to track performance over time?
Logs - They store information about the performance of some particular aspect of a system.
Briefly list the versions of SNMP?
SNMPv1
SNMPv2
SNMPv3
Explain the purpose of applications like Cacti?
They enable you to see very quickly essential facts about your Network Hardware.
Briefly describe a packet sniffer?
It’s a program that queries a network interface and collects packets in a file called a capture file. It might sit on a single computer or perhaps on a router or a dedicated piece of hardware.
Explain why access to active logs must be carefully controlled and explain how this can be accomplished?
Because logs often contain private or sensitive data.
Identify additional terms for utilities that analyze packets?
Packet (Sniffer)
(Packet) Analyzer
(Protocol) Analyzer
(Network) Analyzer